In Kayako, the JWT tokens intended for single sign-on can also be used to access the API service. This is useful if, for example, you want to embed part of Kayako's functionality into the web application that acts as the SSO service.
This technique is referred to as JWT authentication. To use this authentication scheme, the API client must include the JWT token in its API request.
To authenticate, supply the JWT token in the Authorization HTTP header using the Bearer scheme, as follows:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NjQyODU3MTQsImp0aSI6IjF0RUMzTlJpYXhQblJvMGdCMDNZR0d0NXhVbVVoTExtIiwiZW1haWwiOiJqb3JkYW4ubWl0Y2hlbGxAYnJld2ZpY3R1cy5jb20iLCJuYW1lIjoiSm9yZGFuIE1pdGNoZWxsIiwicm9sZSI6ImFkbWluIn0.0N9G862lfuLdyeom8_t9VqyF35UUFY78EBDUsy5oXgI
Alternatively, you can use the
By default, the API service assumes that the role of a user authenticated using JWT is
If that is not the case, the API service returns an error.
Therefore, it is recommended that the role claim is always included in the JWT payload when the token is used to access the API.
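The following added example (not Kayako's own code) shows the HS256 token shape used above: it inspects the example token from this page, mints a token with the same claim set under a constructed shared secret, verifies it and refuses tokens that omit the role claim, and builds the Authorization header. The secret, the jti and the helper names are assumptions for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed secret for illustration; the real SSO shared secret is configured in Kayako.
SSO_SHARED_SECRET = b"example-shared-secret-not-real"
# The example token quoted on this page (its signing secret is not known here).
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NjQyODU3MTQsImp0aSI6IjF0RUMzTlJpYXhQblJvMGdCMDNZR0d0NXhVbVVoTExtIiwi"
              "ZW1haWwiOiJqb3JkYW4ubWl0Y2hlbGxAYnJld2ZpY3R1cy5jb20iLCJuYW1lIjoiSm9yZGFuIE1pdGNoZWxsIiwicm9sZSI6ImFkbWluIn0."
              "0N9G862lfuLdyeom8_t9VqyF35UUFY78EBDUsy5oXgI")

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_unverified(token: str) -> dict:
    """Read a token's payload WITHOUT checking the signature; for debugging only, never for authorization."""
    _, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(payload_b64))

def mint_token(secret: bytes, email: str, name: str, role: str, jti: str, iat: int = 0) -> str:
    """Build an HS256 JWT with the claim set seen on this page; role is omitted when None."""
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {"iat": iat or int(time.time()), "jti": jti, "email": email, "name": name}
    if role is not None:
        payload["role"] = role
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)

def verify_token(token: str, secret: bytes) -> dict:
    """Check alg and HMAC signature, then require the role claim; raises ValueError on any failure."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    if "role" not in payload:
        raise ValueError("role claim missing")  # the API would otherwise fall back to its default role
    return payload

def authorization_header(token: str) -> dict:
    """The header the API client sends, as shown above."""
    return {"Authorization": f"Bearer {token}"}
```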
See also Payload.